SCEL License Manager

Signing Key

Your Ed25519 key pair. The private key signs Release Files; the public key allows anyone to verify them. Generate once, then back up the private key offline.

No key loaded.

Import an existing key pair

Private Key (base64 PKCS#8)

Public Key (base64 raw)

Issue a New SCEL License

Fill in the Approved Project details and the Designated Folder paths. The tool will produce a signed Release File, a registry entry, and a verification bundle.

License identification

License ID

Approval Codename

Date of Issuance

Approved Project

Licensee

Licensee Name (business / legal entity)

Optional licensee details (recommended for German entities)

Legal entity form (GmbH, AG, e.K., ...)

Registration (HRB / HRA number)

Registered Address (street, postal code, city, country)

Contact Email (for revocation notices)

Designated Folders

Folder Paths (one per line)

Verify a Release File

Paste a verification bundle, or paste the Release File, signature, and public key separately. The tool will run the full SCEL Section 7 verification.

Option A — Verify a bundle (single file)

Verification Bundle JSON

Option B — Verify separate files

Release File JSON

Signature (base64)

Public Key (base64)

Option C — Cross-check against registry entry (optional)

Registry entry JSON (just the value, not the wrapping object)

After running Option A or B, the registry value is matched against the Release File.

How to use this tool

1. First-time setup

Go to the Keys tab and click Generate New Key Pair. Immediately export and back up the private key — store it offline (encrypted USB, hardware token, paper backup in a safe).

Publish the public key at a stable URL under your control (e.g. https://suitefish.example/scel/pubkey). Once published, never change the URL.

2. Issuing a license

Open the Issue License tab. Fill in the License ID (use the generator), Approval Codename, Approved Project name, Licensee details, and the list of Designated Folders.

Click Sign Release File. The tool produces a Release File, a detached signature, a self-contained verification bundle, and a registry entry to append to your public registry.json.

Deliver the verification bundle to the licensee. Update your registry. Re-sign and republish the registry file.

3. Verifying a license

Open the Verify License tab. Paste the bundle (or the parts) plus your public key. The tool runs:

Required-fields presence check
Ed25519 signature verification
SHA-256 folder list hash recomputation and comparison
License ID format check
Optionally: cross-check against registry entry

4. Revocation

Revocation is done by updating the entry in registry.json (set status to "revoked"), re-signing the registry with this tool, and republishing it. The verifier will then see the revoked status.

Security guarantees

All cryptography is done locally in your browser via the built-in WebCrypto API. No external libraries, no network requests, no servers. Your private key is held only in this tab's memory and is erased when you close it.

The signing algorithm is Ed25519. The hash algorithm is SHA-256. Both meet the requirements stated in Section 7 of SCEL v1.4.

File formats

release_<ID>.json — the Release File. Canonical JSON. The content covered by the signature is the canonical serialization with sorted keys.

release_<ID>.sig — the detached Ed25519 signature, base64-encoded.

release_<ID>.scel-bundle.json — combined bundle with release file, signature, public key fingerprint, and format identifier.

suitefish_scel.pub / suitefish_scel.key — exported public / private key files.

Reference

This tool implements the authentication mechanism described in scel_signing_system.md and required by Section 7 of scel_1.4.md.